使用ldap用户访问nfs(kerberos与ad)

首先需要改变ip域名的关系

192.168.100.01 Hadoop 01.gyb.big data.demo.com Hadoop 01

192.168.100.02 Hadoop 02.gyb.big data.demo.com Hadoop 02

192.168.100.03 Hadoop 03.gyb.big data.demo.com Hadoop 03

192.168.100.04 Hadoop 04.gyb.big data.demo.com Hadoop 04

#具体地说

vim /etc/hosts IPA-Client安装目标同步配置文件

sh/home/go2 rsync.sh/etc/krb5.conf IPA-client安装(在所有安装client的计算机上运行) () ) ) ) ) )。

IPA-client-install-- domain=gyb.big data.demo.com-- server=Hadoop 01.gyb.big data.demo.com---- realm=

autodiscoveryofserversforfailovercannotworkwiththisconfiguration。

ifyouproceedwiththeinstallation，serviceswillbeconfiguredtoalwaysaccessthediscoveredserverforalloperationsandwillnotfaillovertation

proceedwithfixedvaluesandnodnsdiscovery？ [否] :是

client hostname : Hadoop 02.gyb.big data.demo.com

Realm: GYB.BIGDATA.DEMO.COM

ds domain : gyb.big data.demo.com

ipaserver : Hadoop 01.gyb.big data.demo.com

BaseDN: dc=gyb，dc=bigdata，dc=demo，dc=com

continuetoconfigurethesystemwiththesevalues？ [否] :是

同步时间with KDC…

attemptingtosynctimeusingntpd.willtimeoutafter 15 seconds

unable to sync time with NTP服务器，assumingthetimeisinsync.pleasecheckthat 123 udpportisopened。

passwordforadmin @ gyb.big data.demo.com :

Successfully retrieved CA cert

subject : cn=certificate authority，O=GYB.BIGDATA.DEMO.COM

issuer : cn=certificate authority，O=GYB.BIGDATA.DEMO.COM

valid from :2021-11-0202336058336023

valid until :2041-11-0202336058336023

enrollediniparealmgyb.big data.demo.com

Created /etc/ipa/default.conf

新固态硬盘配置will be created

configuredsudoersin/etc/nsswitch.conf

配置/etc/sssd/sssd.conf

configured/etc/krb5.confforiparealmgyb.big data.demo.com

trying https://Hadoop 01.gyb.big data.demo.com/IPA/JSON

trying https://Hadoop 01.gyb.big data.demo.com/IPA/session/JSON

系统wide ca数据库更新。

hostname (Hadoop 02.gyb.big data.demo.com) does not have A/AAAA record。

故障到更新DNS记录。

missinga/AAAArecord(s ) forhosthadoop 02.gyb.big data.demo.com :192.168.100.28。

缺少地址(s ) es ) : 192.168.100.28。

addingsshpublickeyfrom/etc/ssh/ssh _ host _ RSA _ key.pub

addingsshpublickeyfrom/etc/ssh/ssh _ host _ ECD sa _ key.pub

addingsshpublickeyfrom/etc/ssh/ssh _ host _ ed 25519 _ key.pub

Could not更新xnd记录。

已启用固态硬盘

configured/etc/OpenLDAP/LDAP.conf

nosrvrecordsofntpserversfound.ipaserveraddresswillbeused

Configured /etc/ssh/ssh_config

Configured /etc/ssh/sshd_config

configuringgyb.big data.demo.comas NIS domain。

客户端配置完成。

the IPA-client-installcommandwassuccessful

2 :在服务器上检查输入命令的登录

kinit管理员